{{- if .Values.clusterController }} {{- if .Values.clusterController.enabled }} {{- $serviceName := include "cost-analyzer.serviceName" . -}} apiVersion: v1 kind: ServiceAccount metadata: name: {{ template "kubecost.clusterControllerName" . }} labels: {{ include "cost-analyzer.commonLabels" . | nindent 4 }} --- # # NOTE: # The following ClusterRole permissions are only created and assigned for the # cluster controller feature. They will not be added to any clusters by default. # apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: {{ template "kubecost.clusterControllerName" . }} labels: {{ include "cost-analyzer.commonLabels" . | nindent 4 }} rules: - apiGroups: - kubecost.com resources: - turndownschedules - turndownschedules/status verbs: - get - list - watch - create - patch - update - delete - apiGroups: - "" - events.k8s.io resources: - events verbs: - create - patch - update - apiGroups: - '' resources: - deployments - nodes - pods - resourcequotas - replicationcontrollers - limitranges - pods/eviction verbs: - get - list - watch - create - patch - update - delete - apiGroups: - '' resources: - configmaps - namespaces - persistentvolumeclaims - persistentvolumes - endpoints - events - services verbs: - get - list - watch - apiGroups: - extensions resources: - daemonsets - deployments - replicasets verbs: - get - list - watch - create - patch - update - delete - apiGroups: - apps resources: - statefulsets - deployments - daemonsets - replicasets verbs: - get - list - watch - create - patch - update - delete - apiGroups: - batch resources: - cronjobs - jobs verbs: - get - list - watch - create - patch - update - delete - apiGroups: - autoscaling resources: - horizontalpodautoscalers verbs: - get - list - watch - apiGroups: - policy resources: - poddisruptionbudgets verbs: - get - list - watch - apiGroups: - storage.k8s.io resources: - storageclasses verbs: - get - list - watch - apiGroups: - events.k8s.io resources: - events verbs: - get - list - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: {{ template "kubecost.clusterControllerName" . }} labels: {{ include "cost-analyzer.commonLabels" . | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: {{ template "kubecost.clusterControllerName" . }} subjects: - kind: ServiceAccount name: {{ template "kubecost.clusterControllerName" . }} namespace: {{ .Release.Namespace }} --- apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "kubecost.clusterControllerName" . }} labels: {{ include "cost-analyzer.commonLabels" . | nindent 4 }} spec: strategy: rollingUpdate: maxSurge: 1 maxUnavailable: 1 type: RollingUpdate selector: matchLabels: app: {{ template "kubecost.clusterControllerName" . }} template: metadata: labels: app: {{ template "kubecost.clusterControllerName" . }} spec: containers: - name: {{ template "kubecost.clusterControllerName" . }} image: {{ .Values.clusterController.image }} imagePullPolicy: {{ .Values.clusterController.imagePullPolicy }} volumeMounts: - name: cluster-controller-keys mountPath: /var/keys env: - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName - name: CLUSTER_ID value: {{ .Values.prometheus.server.global.external_labels.cluster_id }} - name: TURNDOWN_NAMESPACE value: {{ .Release.Namespace }} - name: TURNDOWN_DEPLOYMENT value: {{ template "kubecost.clusterControllerName" . }} {{- if .Values.kubecostProductConfigs }} {{- if .Values.kubecostProductConfigs.gcpSecretName }} - name: GOOGLE_APPLICATION_CREDENTIALS value: /var/keys/service-key.json {{- end }} {{- end }} - name: CC_LOG_LEVEL value: {{ .Values.clusterController.logLevel | default "info" }} - name: CC_KUBESCALER_COST_MODEL_PATH value: http://{{ $serviceName }}.{{ .Release.Namespace }}:{{ .Values.service.targetPort | default 9090 }}/model {{- if .Values.clusterController.kubescaler }} - name: CC_KUBESCALER_DEFAULT_RESIZE_ALL value: {{ .Values.clusterController.kubescaler.defaultResizeAll | default "false" | quote }} {{- end }} ports: - name: http-server containerPort: 9731 hostPort: 9731 serviceAccount: {{ template "kubecost.clusterControllerName" . }} serviceAccountName: {{ template "kubecost.clusterControllerName" . }} volumes: - name: cluster-controller-keys secret: secretName: {{ .Values.clusterController.secretName | default "cluster-controller-service-key" }} # The secret is optional because not all of cluster controller's # functionality requires this secret. Cluster controller will # partially or fully initialize based on the presence of these keys # and their validity. optional: true --- apiVersion: v1 kind: Service metadata: name: {{ template "kubecost.clusterControllerName" . }}-service labels: {{ include "cost-analyzer.commonLabels" . | nindent 4 }} spec: type: ClusterIP ports: - name: http protocol: TCP port: 9731 targetPort: 9731 selector: app: {{ template "kubecost.clusterControllerName" . }} --- # TurndownSchedule Custom Resource Definition for persistence apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: turndownschedules.kubecost.com labels: {{ include "cost-analyzer.commonLabels" . | nindent 4 }} spec: group: kubecost.com names: kind: TurndownSchedule singular: turndownschedule plural: turndownschedules shortNames: - td - tds scope: Cluster versions: - name: v1alpha1 served: true storage: true subresources: status: {} schema: openAPIV3Schema: type: object properties: spec: type: object properties: start: type: string format: date-time end: type: string format: date-time repeat: type: string enum: [none, daily, weekly] additionalPrinterColumns: - name: State type: string description: The state of the turndownschedule jsonPath: .status.state - name: Next Turndown type: string description: The next turndown date-time jsonPath: .status.nextScaleDownTime - name: Next Turn Up type: string description: The next turn up date-time jsonPath: .status.nextScaleUpTime {{- end }} {{- end }}